Application Pool monitoring in Log Analytics

Frequent Contributor

We're in the process of moving all of our monitoring from SCOM to Log Analytics, and obviously Management Packs are not always going to translate to LA. 


Has anyone done IIS Application Pool monitoring in Log Analytics yet? Specifically, looking for a way to monitor if an application pool is up or not. It's not clear how the MP in SCOM does this, so it's not clear on what I should be looking for in Log Analytics. EventLog? 

3 Replies

Have you considered also looking at the Perf counters and the EventLog?


The EventLog does have details (assuming the App Pool is sending the logs to the "System" Event Log)



| where EventLog  == "System" and Source == "Microsoft-Windows-WAS"
| parse   ParameterXml with * "</Param><Param>" AppPoolName "</Param><Param>" * 
| summarize by AppPoolName, EventID, RenderedDescription, Computer
//| summarize by AppPoolName, EventID
I don't have many EventIDs in my subscription (2 App pools which don't do much), but these should be easy to spot in your environment.




I have some SLA sample queries (these merge Heartbeat + Perf entries) but you can change it to EventLog and Perf  here




IS the anyway to query IIS Logs and currently what I observe is we are fetching data based on the EventLog and querying System Logs , but here we are only able to fetch the status Shutdown and not all status of App Pool , since if at all we need identify the health or status of the AppPool before shutdown it can only be useful and based on that we can generate the alert and take the corrective action.

Also I was wondering if we make use of Application Insights to achieve this and how does the Azure Log Analytics is different from these .


Please let me know your thoughts in regards to the same and is there any ways to query the IIS logs.



@SamsonJohn I'm also looking for the same.


If anyone idea about how to get the state of IIS app pools which are available through log analytics work space in order to configure alert rule or else suggest how to user azure runbooks in action groups while configuring alert rule